1Policy: /usr/bin/lynx, Emulation: native ( 2 native-issetugid: permit < 3 native-mprotect: permit < 4 native-mmap: permit < 5 native-__sysctl: permit ( 6 native-fsread: filename eq "/var/run/ld.so.hints" then pe < 7 native-fstat: permit < 8 native-close: permit ( 9 native-fsread: filename match "/usr/lib/libssl.so.*" then | native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe 10 native-read: permit | native-connect: sockaddr match "inet-\\\[*\\\]:80" then p 11 native-fsread: filename match "/usr/lib/libcrypto.so.*" t | native-exit: permit 12 native-fsread: filename match "/usr/lib/libncurses.so.*" | native-fcntl: cmd eq "F_SETFD" then permit 13 native-fsread: filename match "/usr/lib/libc.so.*" then p | native-fsread: filename eq "/" then permit 14 native-munmap: permit | native-fsread: filename match "/<non-existent filename>: 15 native-sigprocmask: permit | native-fsread: filename eq "/etc/lynx.cfg" then permit 16 native-fsread: filename eq "/etc/malloc.conf" then permit ( 17 native-getpid: permit | native-fsread: filename eq "/etc/resolv.conf" then permit 18 > native-fsread: filename eq "/etc/utmp" then permit 19 > native-fsread: filename eq "/home" then permit 20 > native-fsread: filename eq "$HOME" then permit 21 > native-fsread: filename eq "$HOME/.lynx-keymaps" then per 22 > native-fsread: filename eq "$HOME/.lynxrc" then permit 23 > native-fsread: filename eq "$HOME/.mailcap" then permit 24 > native-fsread: filename eq "$HOME/.mime.types" then permi 25 > native-fsread: filename eq "$HOME/.terminfo" then permit 26 > native-fsread: filename eq "$HOME/.terminfo.db" then perm 27 > native-fsread: filename eq "/obj" then permit 28 native-fsread: filename eq "/tmp" then permit ( 29 native-fswrite: filename match "/tmp/lynx-*" then permit ( 30 native-fsread: filename match "/tmp/lynx-*/." then permit ( 31 native-fsread: filename eq "$HOME" then permit < 32 native-fsread: filename eq "/etc/lynx.cfg" then permit < 33 native-fsread: filename eq "/" then permit < 34 native-fsread: filename eq "/usr/obj/bin/systrace/." then < 35 native-fsread: filename eq "/usr/obj/bin" then permit < 36 native-fcntl: permit < 37 native-getdirentries: permit < 38 native-lseek: permit < 39 native-fsread: filename eq "/usr/obj" then permit < 40 native-fsread: filename eq "/usr" then permit ( 41 native-fsread: filename eq "/usr/bin" then permit ( 42 native-fsread: filename eq "/usr/games" then permit ( 43 native-fsread: filename eq "/usr/include" then permit ( 44 native-fsread: filename eq "/usr/lib" then permit ( 45 native-fsread: filename eq "/usr/libdata" then permit ( 46 native-fsread: filename eq "/usr/libexec" then permit ( 47 native-fsread: filename eq "/usr/lkm" then permit ( 48 native-fsread: filename eq "/usr/local" then permit ( 49 native-fsread: filename eq "/usr/mdec" then permit ( 50 native-fsread: filename eq "/home" then permit ( 51 native-fsread: filename eq "/obj" then permit ( 52 native-fsread: filename eq "$HOME/.lynxrc" then permit ( 53 native-fsread: filename match "/<non-existent filename>: ( 54 native-fsread: filename eq "/usr/obj/bin/systrace/.mailca ( 55 native-fsread: filename eq "$HOME/.mailcap" then permit ( 56 native-fsread: filename eq "/usr/obj/bin/systrace/.mime.t ( 57 native-fsread: filename eq "$HOME/.mime.types" then permi < 58 native-sigaction: permit < 59 native-ioctl: permit < 60 native-fsread: filename eq "$HOME/.terminfo.db" then perm < 61 native-fsread: filename eq "$HOME/.terminfo" then permit < 62 native-fsread: filename eq "/usr/share/misc/terminfo.db" ( 63 native-pread: permit < 64 native-write: permit < 65 native-fsread: filename eq "$HOME/.lynx-keymaps" then per < 66 native-fsread: filename eq "/var/run/dev.db" then permit ( 67 native-fsread: filename eq "/etc/utmp" then permit | native-fsread: filename eq "/var/run/ld.so.hints" then pe 68 native-poll: permit | native-fstat: permit 69 native-nanosleep: permit | native-fswrite: filename match "/tmp/lynx-*" then permit 70 > native-getdirentries: permit 71 > native-getpid: permit 72 native-gettimeofday: permit ( 73 native-fsread: filename eq "/etc/resolv.conf" then permit | native-ioctl: permit 74 native-socket: sockdom eq "AF_INET" and socktype eq "SOCK | native-issetugid: permit 75 native-connect: sockaddr eq "inet-[127.0.0.1]:53" then pe | native-lseek: permit 76 native-sendto: true then permit | native-mmap: permit 77 native-select: permit | native-mprotect: prot eq "PROT_READ" then permit 78 > native-mprotect: prot eq "PROT_READ|PROT_EXEC" then permi 79 > native-mprotect: prot eq "PROT_READ|PROT_WRITE" then perm 80 > native-mprotect: prot eq "PROT_READ|PROT_WRITE|PROT_EXEC" 81 > native-munmap: permit 82 > native-nanosleep: permit 83 > native-poll: permit 84 > native-pread: permit 85 > native-read: permit 86 native-recvfrom: permit ( 87 > native-select: permit 88 > native-sendto: true then permit 89 > native-sigaction: permit 90 > native-sigprocmask: permit 91 > native-socket: sockdom eq "AF_INET" and socktype eq "SOCK 92 native-socket: sockdom eq "AF_INET" and socktype eq "SOCK ( 93 native-connect: sockaddr match "inet-\\\[*\\\]:80" then p | native-write: permit 94 native-exit: permit < 95